Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Toronto Public Library uncertain whose data stolen in October cyber attack

    February 20, 2024

    The Toronto Public Library needs more time to investigate whether cardholder, volunteer and donor data has been compromised during a serious cyberattack four months ago. In a final report to the board on the October 2023 security breach that the library said exposed the personal data of staff and family members, it said it is “currently ...

  • ConnectWise Releases Critical Security Update for ScreenConnect

    February 20, 2024

    ConnectWise has released a security update addressing two vulnerabilities in on-premise ScreenConnect deployments. The update addresses a critical authentication bypass vulnerability with a CVSSv3 score of 10 and a path traversal vulnerability with a CVSSv3 score of 8.4. A remote unauthenticated attacker could exploit these vulnerabilities to read arbitrary files, gain root access on the underlying ...

  • Law enforcement disrupt world’s biggest ransomware operation

    February 20, 2024

    In a significant breakthrough in the fight against cybercrime, law enforcement from 10 countries have disrupted the criminal operation of the LockBit ransomware group at every level, severely damaging their capability and credibility. LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage. This international sweep follows ...

  • Cambridge faces cyber attack

    February 19, 2024

    The University faced a cyberattack yesterday (20/02), which is affected internet and services across multiple UK higher education institutions. Students at various colleges were notified of the attack, which affected access to IT services such as CamSIS and Moodle. An internal email revealed that the incident was a Distributed Denial of Service (DDoS) attack, described as ...

  • UK: Council worker took tens of thousands of email addresses in massive data breach

    February 19, 2024

    A massive data breach by a worker at Stratford-on-Avon District Council saw tens of thousands of email addresses taken. The breach, which happened in November last year, was over a database of email addresses given by residents, the authority said. The probe found that around 79,000 email addresses from the garden waste collection database were affected. ...

  • SolarWinds Releases Critical Security Updates for Access Rights Manager

    February 19, 2024

    SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM). Path traversal vulnerabilities, CVE-2024-23476 and CVE-2024-23479, are both rated as critical with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE. Read more… Source: NHS Digital